I just tried to download the version, now I can fill in the form, but when I click on download I recieve again a 404 message 
Sorry! We can't locate the page you asked for.
(URL: https://www.centrify.com/express/linux-unix/download-files/#accordion-download-express-02)
Hi
We are really sorry about this. Our web team has fixed the bad link on the Mac Express download page. Please let me know if you run into any additional issues.
Regards,
I'm trying to get myself set up to be able to authenticate to websites in Chrome using my CAC on my Macbook. I have a smart card reader; Smart Card Assistant (Centrify Express for Smart Card) installed and recognizing my card; all necessary certificates installed and recognized. I am able to authenticate to, for instance, myaccess.dmdc.osd.mil using Safari. It prompts for my PIN. After I enter it I am sent to the page I'm accessing.
When attempt to log into the above website using Chrome, I instead get "ERR_BAD_SSL_CLIENT_AUTH_CERT". It doesn't prompt for my PIN. The certificates are never presented for selection and aren't being sent to the site. I've tried the option in Chrome to manage certficates but this simply opens Keychain Access. My CAC is listed with its certificates. I'm not able to link these certificates to Chrome in any way. I've even tried to add a New Identity Preference but the only certificates given to select are from Apple.
What special steps do I need to take to get this to work with Chrome?
Good afternoon all,
I have a co-worker using a Samsung Galaxy Note 4 running Android 6.0.1 attempting to login with Microsoft Staff Hub app, but it never completes the multi-factor authentication. It shows attempting to call *** *** ####, but no call is received.
Any suggestions?
Hey theillien,
Take a look at this KB to configure your certificate. https://centrify.force.com/support/Article/KB-2957-How-to-use-smart-cards-with-Chrome-to-access-protected-web-sites and let me know if this works.
Hi skeown,
Welcome to Centrify Community!
May I know which country code and the phone format you entered for this user? The call will be failed if this is an incorrect phone number or in an inappropriate format. Please make sure the phone number of the user is correct. Besides, stating the country code will make things clear. Here is the example, if the mobile phone is in Japan, the mobile number should be in this format: +81 11112222
If it is still failed, please add 'email confirmation code' or other challenges in Authentication Profiles to unblock user enrollment.
Hope this will help. Please let us know if you have further questions. Thank you.
Kind Regards,
Yeny
I would assum its possible, but I'm trying tyo find out how to get a network share to show up on my mobile devices, pushed through Centrify.
Perhaps there is a way for them to open the CompanyApps app, and there would be a folder that links back to my file server?
Welcome back.
I would thread carefuly, especially when making assumptions about product behavior.
The main capability is working as an IDP. If you have a company app, typically it is a web or mobile app.
Network shares are a different beast (usually CIFS or NFS filer, and there are identity considerations as well as network prots required) so you won't be able to publish some sort of shortcut like smb://your-server/your-share and expect this to work like your browser will do.
There are web interfaces for file shares that expose them via HTTP(s), in that case you may be able to publish that web application, but again, these are not "plug and play" configuraitons like we make others work.
We are having a similar issue with organizations wanting to use our app gateway, RDP and SSH secure access as a Terminal Server/Citrix subsitute, and that's not what those solutions are designed for.
Just my $0.02.
R.P
Hey everyone.
I'm trying to get this login script to work to change my printer settings from color (default) to black and white...
Here's what I've done...
I've gone into Group Policy>Computer Configuration>Policies>Centrify Settings>Common Unix Settings>Copy Files
I have it set to copy this file to /usr/local/bin
This is the script "7545_BW_Login.sh":
#!/bin/bash
lpadmin -h 127.0.0.1:631 -p Xerox7545 -o XRColorCorrection=gray
This command does what I want it to do when executed locally.
Next I've tried several different aproaches to get this script to fire on login with no success. I'm pretty new to mac management but here's what I've tried...
Group Policy>Computer Configuration>Policies>Centrify Settings>Mac OS X Settings>Scripts (Login/Logout)
I've tried \\mycomp.local\sysvol\mycomp.local\scripts\execute_7545_BW_Login.sh
Didn't work.
Created an execute script that says this"execute_7545_BW_Login.sh:
#!/bin/bash
bash /usr/local/bin/7545_BW_Login.sh
Tried putting this script into the computer config login script area.
No dice.
I've tried putting one / both of these scripts into the user login script with run as root privilidges.
(User Configuration>Centrify Settings>Mac OS X Settings>Scripts (login/logout
None of these options have worked. Am I putting the script in the wrong location? There's no evidence that the script is attempting to fire. I can execute either of these script text on my local mac and get them to work, but it's not firing from login via group policy.
I've done gpupdate /force on the AD controller and adgpupdate on my machine and nothing.
Any advice?
Welcome to the Centrify community.
A general framework to troubleshoot group policy:
R.P
I downloaded centrify express, but my smart card does not appear on keychain access. I do not think the computer is recognizing my smart card. How do you correct this?
Thank you for your time and consideration.
Hi
Welcome to Centrify Community!
Normally, when the card reading LED light flashes, it should mean it's loading the content within the card. If
the card is still not appearing in Keychain Access, then please try these steps:
1) Login to the Mac as Local Admin and open Finder
2) From the menu bar at the top, click on:
Go > Go to Folder > Enter: /System/Library/Security/tokend/
3) Here you should see four tokend files: CAC, CACNG, PIV, and BELPIC
We will try the card against each tokend separately to see if one of them can work properly.
4) Create a new folder at: /System/Library/Security/tokend/tmp/
5) Move all the tokend files into this new tmp/ folder apart from the one named: PIV.tokend
6) Open Keychain Access, and remove and insert your card
7) If there is no response in the Keychain, swap out the PIV tokend for another one in the tmp/ folder. We should expect at least one of the tokends to work with your card.
Some background on this method can be found in these articles here:
- http://community.centrify.com/t5/The-Centrify-Apple-Guys/About-Centrify-and-PIV-Certificate-Problem/...
- http://community.centrify.com/t5/Centrify-Identity-Service/Explaining-U-S-Government-Smart-Cards/ba-...
Please let me know the result of the above. Thank you!
BR
Ivan
Just wanted to see if you are still having any issue.
unable to log in to any .mil websites that require CAC cards. Did everything on this website "https://militarycac.com/". with still no success. On my CACcard log it siads ** This certificate cannot be used for pkinit.
also this is on a MacOS High Sierra
Hi
Welcome to Centrify!
The card may contain multiple certificates which some are not used for authentication and that's why you may get this message.
Could you firstly try the following steps in the below link to see if it can help with your situtation?
If the above could not help, could you post us the whole diagnostic output for further investigation? Thanks!
Please feel free to contact us if you need any assistance.
BR,
Ivan
Could anyone provide a way to identify the previous version installed from backup files, eg reg entry for Enterprise, Express, etc
We've had a physical DC crash which had this running but have never had to deal with (inherited, appears to have been v3, v4 and currently 5.0.2)
Centrify Corporation Centrify Common Component 3.0.0.100 3.0.0.100
Centrify Corporation Centrify Deployment Manager 2.1.2.443 2.1.2.443
Centrify Corporation Centrify DirectControl ADUC Extension 5.0.2.388 5.0.2.388
Centrify Corporation Centrify DirectControl ADUC Extension 5.0.2.388 5.0.2.388
Centrify Corporation Centrify DirectControl Console 5.0.2.388 5.0.2.388
Centrify Corporation Centrify DirectControl Console 5.0.2.388 5.0.2.388
Centrify Corporation Centrify DirectControl Password Sync 5.0.2.388 5.0.2.388
Centrify Corporation Centrify DirectControl Password Sync 5.0.2.388 5.0.2.388
We have backups of the DC however the previous administrator has not kept the install files on the server.
I'm unsure what might happen if we just install the latest express version.
So if possible could also let me know what version of the suite I need to re-install the same version.
Any advice appreciated.
Thanks
Welcome to the Centrify forum.
We are happy to point you in the right direction, however, based on the components listed, looks like you are, were or at least tried the commercial version of our software.
The most important thing to know is to find out if you are (or were) at some point a commercial customer and how much of a commercial deployment you have (instead of Express). The last thing you want is to discover that you thought you were using Express, you are not, and then a bunch of critical systems are not accesible because your restore did not take that into consideration.
With that said, several potential courses of action here:
Tips to find out if you're using the commercial version vs. express version:
What you need to download?
If Express:
Expess page: https://www.centrify.com/express/linux/download/ (you'll have to fill the form).
If commercial software:
(Note that the new product packaging includes our IDaaS platform and Vault).
Both links above require Customer Support Portal access.
What could have happened?
Finally, since this is likely to be read by people in the future, in the community there are resources that are useful:
R.P
Good Afternoon,
I am working for a client who uses Centrify software on their RHEL7 servers. I have been reaching out on all channels to implement a change that they requested. Basically, Centrify accounts work fine with normal SSH logins, but using the rhel supported tigervnc-server, a separate password is requested. Are you aware if there is a documented solution using Centrify to log in with the same credentials both to ssh and VNC?
Thank you,
-Paul
Welcome to the Centrify forums.
I would make sure the VNC server is configured to use the proper PAM modules.
Looking at http://tigervnc.org/doc/Xvnc.html it seems there's a parameter:
−pam_service name, −PAMService name
As a courtesy, here's an article from the KB (refers to a different VNC server, but looks promising)
12 April,16 at 10:57 AM
We encourage you to share your results with the community to benefit future readers.
R.P
